Navigation

mongocli atlas dbuser certs create

The dbuser certs create command creates an Atlas-managed X.509 certificate for the specified MongoDB database user who authenticates using X.509 certificates. You can also create an Atlas-managed X.509 certificate for a MongoDB database user through the Atlas UI or API.

Important

You cannot use the dbuser certs create command to list certificates for MongoDB database users if

  • You are managing your own Certificate Authority (CA) in Self-Managed X.509 mode. You must generate certificates for database users using your own CA.
  • The user you specify does not authenticate using X.509 certificates.
mongocli atlas dbuser certs create
[ --monthsUntilExpiration <number of months until certificate expires> ]
[ --output|-o <output-format> ]
[ --profile|-P <profile-name> ]
[ --projectId <project-ID> ]
--username <name-of-user>
Note

Use -h or --help to view the command-line help for this command.

Option
Type
Description
Required?
--monthsUntilExpiration
integer
Months until the X.509 certificate expires. Maximum value is 24. Defaults to 3.
no
--output, -o
string

Command output format. Valid values are:

  • json for output in JSON format
  • go-template for custom output using the Go template
  • go-template-file for custom output specified using the Go template file

If omitted, the command returns output in the default format.

no
--profile, -P
string
Name of the profile where the public and private keys for the project are saved. If omitted, uses the default profile. To learn more about creating a profile, see Configure the MongoDB CLI.
no
--projectId
string

Unique identifier of the project. If omitted, uses the project ID in the profile or environment variable.

no
--username
string
Username for whom you want to create a X.509 certificate.
yes

The command prints the following fields in the specified format to the terminal if the command succeeds. If the command prints an error, see Troubleshooting for recommended solutions.

Field
Description
certificate
The PEM-encoded X.509 certificate that Atlas created for the user.
monthsUntilExpiration
Months until the X.509 certificate expires. Maximum value is 24. Defaults to 3.
username
Username for whom Atlas generated the x.509 certificate.

The following example uses the mongocli atlas dbuser certs create command to create an Atlas-managed X.509 certificate for a MongoDB database user dbuser. It uses the default profile to access Atlas and generate the X.509 certificate.

mongocli atlas dbuser certs create --username dbuser --output json
--monthsUntilExpiration 3 --projectId 5e2211c17a3e5a48f5497de3

The previous command prints the following fields to the terminal. To learn more about these fields, see Output.

{
"username": "dbuser",
"monthsUntilExpiration": 3,
"certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
}
Give Feedback